DETAILED ACTION
Response to Amendment 

1. Applicant's amendment filed 21 February 2007 amends claims 1, 14, and 25. Applicant's
amendment has been fully considered and entered.

Response to Arguments 

2. Applicant's argument that the Foster references do not disclose "a network-attached 
storage device," has been fully considered and is persuasive. Therefore, the rejection has been
withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view 
of Burns, U.S. Patent No. 6,405,315. 

3. Applicant's argument that the specification describes checksums is not persuasive to 
overcome an antecedent basis rejection of the claims. A checksum was never defined in the 
claims antecedent basis prior to the limitation in question. 

Claim Objections 

4. A series of singular dependent claims is permissible in which a dependent claim refers to 
a preceding claim which, in turn, refers to another preceding claim.

5. A claim which depends from a dependent claim should not be separated by any claim 
which does not also depend from said dependent claim. It should be kept in mind that a 
dependent claim may refer to any preceding independent claim. In general, applicant's sequence 
will not be changed. See MPEP § 608.01(n).

6. Claim 5 depends from claim 3 and is separated by claim 4, which is not dependent upon 
claim 3. Claims 5-11 are objected to.

Claim Rejections - 35 USC § 112 

7. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

8. Claims 23, 31 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

9. Claim 23 recites the limitation "a written data block's version number and checksum" in 
lines 2-3. There is insufficient antecedent basis for this limitation in the claim. A checksum was 
never defined as part of a data block's data structure in the tree. For the purposes of examination,
the previously defined 'integrity value' will be used instead.

10. Claim 31 recites the limitation "a written data block's version number and checksum" in
line 3. There is insufficient antecedent basis for this limitation in the claim. A checksum was
never defined as part of a data block's data structure in the tree. For the purposes of examination,
the previously defined 'integrity value' will be used instead.

Claim Rejections - 35 USC § 102

11. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on
sale in this country, more than one year prior to the date of application for patent in the United States. 

12. Claims 1, 2, 12-15, 25, 26 are rejected under 35 U.S.C. 102(b) as being anticipated by
Burns, U.S. Patent No. 6,405,315. Referring to claims 1, 14, 25, Burns discloses a decentralized 
remotely encrypted file system wherein a network storage device is used to store encrypted files 
for network clients (Figure 2 & Col. 3, lines 44-52 & Col. 5, lines 25-45), which meets the 
limitation of a network-attached storage device for storing encrypted data. A network client must
encrypt the data prior to transmission to the network storage device for storage (Col. 3, lines 49- 
52 & Col. 5, lines 40-45), which meets the limitation of means at a client device for encrypting 
data prior to sending data blocks to said network-attached storage device. The encrypted data 
includes a hash of the data to detect corruption or unauthorized changes to the data (Figure 5 & 
Col. 8, lines 5-10), which meets the limitation of said encrypting means protecting 
confidentiality and integrity of data blocks sent to said network-attached storage device, means 
for generating an integrity value corresponding to one or more data blocks, said integrity value
comprising information for preventing modification, relocation and replay of data for each data 
block sent to said network-attached storage device, means for storing said integrity values of one 
or more data blocks. When a client requests access to the stored data, the data is sent to the 
network client, decrypted, hashed, and verified by comparing the calculated hash with the 
previously calculated hash that was stored with the data (Col. 8, lines 5-10 & Col. 10, line 60 -
Col. 11, line 17), which meets the limitation of means at said client device for receiving and
decrypting data blocks received from said network-attached storage device, means for 
performing an integrity check at said client device utilizing stored integrity values corresponding 
to one or more said data blocks received from said network-attached storage device, wherein said 
integrity check protects the integrity of data blocks stored in said network-attached storage 
devices. 

Referring to claims 2, 15, 26, Burns discloses a network client must encrypt the data prior
to transmission to the network storage device for storage (Col. 3, lines 49-52 & Col. 5, lines 40- 
45), which meets the limitation of encryption means generates encrypted cipher text data blocks
that are a function of plaintext data included in said data block and a first encryption key. 

Referring to claim 12, Burns discloses that the network storage device includes disk
drives for storage (Col. 5, lines 7-8), which meets the limitation of said storage device comprises 
non-volatile storage. 

Referring to claim 13, Burns discloses that the network storage device is remotely located 
from said client device, said encrypted blocks being written across a network link (Figure 1).

Claim Rejections - 35 USC § 103

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

14. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35
U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

15. Claims 3, 5-11, 16, 18-24, 27-32 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Burns, U.S. Patent No. 6,405,315, in view of Pang, U.S. Patent No. 6,931,543,
further in view of Tatebayashi, U.S. Patent No. 5,124,117. Referring to claims 3, 16, 27, Burns
discloses a decentralized remotely encrypted file system wherein a network storage device is
used to store encrypted files for network clients (Figure 2 & Col. 3, lines 44-52 & Col. 5, lines
25-45). Burns discloses that timestamps are included and associated with the encrypted data to
identify when the data was last modified and/or accessed (Figure 5 & Col. 12, lines 66-67). 
Burns does not disclose utilizing an address location for the data or a version number that 
indicates a block write increment in the encryption process. Pang discloses a programmable logic 
device for decrypting data that utilizes address information for the encryption and decryption of 
the data (Col. 3, lines 57-62), which meets the limitation of said encryption means implements a 
whitening value which is a function of a second encryption key, an address location for said 
storage block, said encryption means further generating cipher text data blocks that are 
additionally a function of said whitening value. Tatebayashi discloses a cryptographic system 
wherein timestamps are utilized in the encryption process of data (Col. 14, lines 11-15), which
meets the limitation of encryption means implements a whitening value which is a function of a 
version number indicating a block write increment. It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to include the location address
information of the data and timestamps, as it is stored in the network storage device in Burns, in 
order to prevent attacks that relocate portions of the encrypted bitstream such that when they are 
unencrypted they are placed into visible portions of the device not intended by the designer as 
taught by Pang (Col. 3, lines 55-58) and to prevent attacking users from listening to
communications and conspiring to obtain the encryption key as taught by Tatebayashi (Col. 13,
lines 9-31 & Col. 14, lines 11-15).

Referring to claims 5, 18, Burns discloses that each block of data in the file structure of 
the network storage device has a hash value (Figure 5 & Col. 8, lines 5-11), which meets the
limitation of means for storing said integrity values of written data blocks further includes means
for generating an integrity tree structure, said integrity structure storing integrity values 
corresponding to each disk block written to said storage device. 

Referring to claims 6, 19, 28, Burns discloses that the entries of the file structure also
contain meta data (Col. 2, lines 30-33 & Col. 5, lines 25-28), which meets the limitation of said 
integrity tree comprises a hierarchical data structure, said hierarchical data structure including 
two or more layers of integrity data structures, each successive layer of integrity data structures 
including meta-data protecting integrity of data at an immediate prior layer. 

Referring to claims 7, 8, 20, 21, 29, Burns discloses that the entries of the file structure
also contain meta data (Col. 2, lines 30-33 & Col. 5, lines 25-28). Burns does not disclose 
utilizing an address location for the data or a version number that indicates a block write 
increment in the encryption process. Pang discloses a programmable logic device for decrypting 
data that utilizes address information for the encryption and decryption of the data (Col. 3, lines 
57-62), which meets the limitation of said encryption means implements a whitening value 
which is a function of a second encryption key, an address location for said storage block, said 
encryption means further generating cipher text data blocks that are additionally a function of 
said whitening value. Tatebayashi discloses a cryptographic system wherein timestamps are 
utilized in the encryption process of data (Col. 14, lines 11-15), which meets the limitation of 
said hierarchical data structure includes said written encrypted data blocks at a first layer, and a 
succeeding layer of meta data blocks, each meta data block including data structures representing 
a plurality of disk blocks written at said first layer, each meta data block data structure 
comprising an integrity value and a version number pair for each of said plurality of disk blocks, 
said integrity tree includes a succeeding layer of higher level meta data blocks for protecting a
layer of meta data blocks below, each higher level meta data block comprising data structures 
representing a plurality of meta data blocks, each higher level meta data block data structure 
comprising an integrity value and version number pair generated for each of said plurality of 
meta data blocks. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to include the location address information of the data and timestamps, as it 
is stored in the network storage device in Burns, in order to prevent attacks that relocate portions
of the encrypted bitstream such that when they are unencrypted they are placed into visible 
portions of the device not intended by the designer as taught by Pang (Col. 3, lines 55-58) and to
prevent attacking users from listening to communications and conspiring to obtain the encryption 
key as taught by Tatebayashi (Col. 13, lines 9-31 & Col. 14, lines 11-15).

Referring to claims 9, 22, Burns discloses that the file structure has a hash for each entry, 
which could be a directory (Figure 5 & Col. 7, lines 11-22) such as the root directory (Col. 10,
lines 20-26), which meets the limitation of a top layer of said hierarchical data structure includes 
a root data structure for protecting integrity of all content written to said storage device. 

Referring to claims 10, 11, 23, 24, 30-32, Burns discloses that the file system data can be
updated (Col. 5, lines 40-45), means comparing integrity of data blocks to be read on a path from
said root data structure via successive higher meta data blocks and meta data block layers until a
desired data block at a first layer is read. Burns does not disclose utilizing an address location for
the data or a version number that indicates a block write increment in the encryption process. 
Pang discloses a programmable logic device for decrypting data that utilizes address information 
for the encryption and decryption of the data (Col. 3, lines 57-62), which meets the limitation of 
said encryption means implements a whitening value which is a function of a second encryption
key, an address location for said storage block, said encryption means further generating cipher 
text data blocks that are additionally a function of said whitening value. Tatebayashi discloses a 
cryptographic system wherein timestamps are utilized in the encryption process of data (Col. 14, 
lines 11-15), which meets the limitation of writing a data block to said storage device, said
writing including updating a written data block's version number and checksum in the associated 
meta data blocks, and, said checksum and version number value updating being performed at 
each successive meta data layer corresponding to said written data block, including updating 
performed at said root data structure. It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to include the location address information of the data and 
timestamps, as it is stored in the network storage device in Burns, in order to prevent attacks that 
relocate portions of the encrypted bitstream such that when they are unencrypted they are placed 
into visible portions of the device not intended by the designer as taught by Pang (Col. 3, lines
55-58) and to prevent attacking users from listening to communications and conspiring to obtain 
the encryption key as taught by Tatebayashi (Col. 13, lines 9-31 & Col. 14, lines 11-15). 

16. Claims 4, 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Burns, U.S.
Patent No. 6,405,315, in view of Aiello, U.S. Patent No. 5,608,801. Referring to claims 4, 17, 
Burns discloses a decentralized remotely encrypted file system wherein a network storage device
is used to store encrypted files for network clients (Figure 2 & Col. 3, lines 44-52 & Col. 5, lines
25-45). Burns does not disclose using DES or AES encryption. It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to utilize the DES algorithm to
encrypt the data of Burns because DES provides a reasonably fast and commercially available
encryption algorithm as taught in Aiello (Col. 3, lines 55-57). 

Conclusion 

17. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this
final action. 

18. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Benjamin E. Lanier whose telephone number is 571-272-3805. 
The examiner can normally be reached on M-Th 7:30am-5:00pm, F 7:30am-4pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





Benjamin E. Lanier 